Adversarial Dictionary Learning
This work frames the learning of multiple adversarial perturbations as a sparse dictionary learning problem bridging the gap between specific and universal attacks. On the one hand, this framework allows to build an adversary attack to new examples by only learning the coding vectors, provided that the dictionary is known. On the other hand, the a posteriori study of the atoms unveils the most common patterns to attack the classifier. Numerical experiments illustrate that our approach, termed as Sparse Coding of ADversarial Attacks (SCADA), achieves higher fooling rates of the deep model than state-of-the-art attacks for smaller adversarial perturbations.